Importing the IdP certificate and metadata on the FortiAuthenticator


  1. On the FortiAuthenticator, go to Fortinet SSO Methods > SSO > SAML Authentication and import the IdP metadata and certificate downloaded earlier.
  2. This will automatically fill the IdP fields (as shown in the example). Make sure to select OK to save these changes.

  3. Select Download SP metadata. This file will be uploaded to the Centrify tenant.
  4. Then go to Fortinet SSO Methods > SSO > FortiGate Filtering and create a new FortiGate filter.
  5. Enter a name and the FortiGate’s wan-interface IP address, and select OK.

    Once the filter is created, enable Fortinet Single Sign-On (FSSO). Select Create New to create an SSO group filtering object (the example shows one already created), and select OK to apply all changes.

    Note that the name entered for the filter must be the same as the group name created for SAML users (saml_users). The two user groups must have the exact same name or SSO information will not be pushed to the FortiGate.
